Novell Home

CVE-2012-0884

Common Vulnerabilities and Exposures

[Previous] [Index] [Next]

Upstream information

CVE-2012-0884 at MITRE

Description

The implementation of Cryptographic Message Syntax (CMS) and PKCS #7 in OpenSSL before 0.9.8u and 1.x before 1.0.0h does not properly restrict certain oracle behavior, which makes it easier for context-dependent attackers to decrypt data via a Million Message Attack (MMA) adaptive chosen ciphertext attack.

NVD CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)

Novell/SUSE information

Note from the SUSE Security Team

This issue does affect openssl on SUSE Linux Enterprise 11 and later. It will not affect SSL and TLS connections, as these usually do not use these methods to process messages. Please also read the upstream advisory.,This issue does affect openssl on SUSE Linux Enterprise 11 and later. It will not affect SSL and TLS connections, as these usually do not use these methods to process messages. Please also read the upstream advisory.

Novell Bugzilla entries: 749210, 749735, 751977, 754640, 761819

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Software Development Kit 11 SP1
SUSE Linux Enterprise Software Development Kit 11 SP2
  • libopenssl-devel >= 0.9.8j-0.32.1
Builds
SAT Patch Nr: 6054
SUSE Linux Enterprise Desktop 11 SP1
SUSE Linux Enterprise Desktop 11 SP2
  • libopenssl0_9_8 >= 0.9.8j-0.32.1
  • openssl >= 0.9.8j-0.32.1
Builds
SAT Patch Nr: 6054
SUSE Linux Enterprise Desktop 11 SP1
SUSE Linux Enterprise Desktop 11 SP2
  • libopenssl0_9_8 >= 0.9.8j-0.32.1
  • libopenssl0_9_8-32bit >= 0.9.8j-0.32.1
  • openssl >= 0.9.8j-0.32.1
Builds
SAT Patch Nr: 6054
SUSE Linux Enterprise Server 11 SP1
SUSE Linux Enterprise Server 11 SP1 for VMware
SUSE Linux Enterprise Server 11 SP2
  • libopenssl0_9_8 >= 0.9.8j-0.32.1
  • libopenssl0_9_8-32bit >= 0.9.8j-0.32.1
  • openssl >= 0.9.8j-0.32.1
  • openssl-doc >= 0.9.8j-0.32.1
Builds
SAT Patch Nr: 6054
SUSE Linux Enterprise Server 11 SP1
SUSE Linux Enterprise Server 11 SP1 for VMware
SUSE Linux Enterprise Server 11 SP2
  • libopenssl0_9_8 >= 0.9.8j-0.32.1
  • openssl >= 0.9.8j-0.32.1
  • openssl-doc >= 0.9.8j-0.32.1
Builds
SAT Patch Nr: 6054
SUSE Linux Enterprise Server 11 SP1
SUSE Linux Enterprise Server 11 SP2
  • libopenssl0_9_8 >= 0.9.8j-0.32.1
  • libopenssl0_9_8-x86 >= 0.9.8j-0.32.1
  • openssl >= 0.9.8j-0.32.1
  • openssl-doc >= 0.9.8j-0.32.1
Builds
SAT Patch Nr: 6054

© 2014 Novell